Bug #11450

open

Problem with IPv6 netmask /128 in WireGuard

Added by Marcelo Gondim 10 months ago. Updated 9 months ago.

Status: New
Priority: Normal
Assignee: -
Category: WireGuard
Target version:
Start date: 02/18/2021
Due date:
% Done: 0%
Estimated time:
Plus Target Version:
Release Notes: Default
Affected Version: 2.5.0
Affected Architecture:

Description

Hi All,

While creating a WireGuard VPN, I realized that when registering a peer, "Allowed IPs" accepts an IPv6 address with a /128 mask, but if we go to the console and run netstat -rn we see the error "illegal prefixlen" and a totally wrong prefix inserted in the routes: 7400:1000::/0.

Example:

Allowed IPs: fc00:1111::1/128

# netstat -6 -rn

Routing tables

Internet6:
Destination Gateway Flags Netif Expire
::1 link#6 UH lo0
fc00:1111:: link#12 UHS lo0
fc00:1111::/64 link#12 U wg0
illegal prefixlen
7400:1000::/0 wg0 US wg0
fe80::%em0/64 link#1 U em0
fe80::215:17ff:fe7b:76a6%em0 link#1 UHS lo0
fe80::%em1/64 link#2 U em1
fe80::215:17ff:fe7b:76a7%em1 link#2 UHS lo0
fe80::%em2/64 link#4 U em2
fe80::21b:21ff:fe9d:4ac9%em2 link#4 UHS lo0
fe80::%lo0/64 link#6 U lo0
fe80::1%lo0 link#6 UHS lo0
fe80::%pppoe0/64 link#9 U pppoe0
fe80::215:17ff:fe7b:76a6%pppoe0 link#9 UHS lo0
fe80::%ovpns2/64 link#10 U ovpns2
fe80::215:17ff:fe7b:76a6%ovpns2 link#10 UHS lo0
fe80::%ovpns3/64 link#11 U ovpns3
fe80::215:17ff:fe7b:76a6%ovpns3 link#11 UHS lo0
fe80::%wg0/64 link#12 U wg0
fe80::215:17ff:fe7b:76a6%wg0 link#12 UHS lo0

If I have fc00:1111::0 on one side of the VPN and fc00:1111::1 on the other side, I cannot get an ICMP response from both sides, and I believe it is due to this error in the route table.
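
A check for the symptom described in this report, as an added example that is not part of the original report or the project's code: it parses `netstat -6 -rn` output and compares the routes installed on a WireGuard interface with the peer's configured Allowed IPs. The sample lines are constructed from the output above; the function name, the `connected` parameter, and the treatment of a destination without a prefix length as a /128 host route are assumptions.

```python
import ipaddress

# Constructed sample: the wg0-related lines of the netstat output in the report.
SAMPLE = """\
Destination Gateway Flags Netif Expire
fc00:1111:: link#12 UHS lo0
fc00:1111::/64 link#12 U wg0
illegal prefixlen
7400:1000::/0 wg0 US wg0
fe80::%wg0/64 link#12 U wg0
fe80::215:17ff:fe7b:76a6%wg0 link#12 UHS lo0
"""

def audit_routes(netstat_text, netif, allowed_ips, connected=()):
    """Compare IPv6 routes on `netif` with the peer's Allowed IPs."""
    allowed = {ipaddress.ip_network(a, strict=False) for a in allowed_ips}
    local = {ipaddress.ip_network(c, strict=False) for c in connected}
    seen = set()
    report = {"illegal_prefixlen": 0, "malformed": [], "unexpected": []}
    for line in netstat_text.splitlines():
        if line.strip() == "illegal prefixlen":
            report["illegal_prefixlen"] += 1
            continue
        fields = line.split()
        if len(fields) < 4 or fields[3] != netif:
            continue  # header line or a route bound to another interface
        dest = fields[0]
        addr, _, plen = dest.partition("/")
        addr = addr.split("%")[0]  # drop the zone id (fe80::%wg0)
        if addr == "default":
            addr, plen = "::", "0"
        try:
            # Assumption: a destination without "/len" is a host route (/128).
            route = ipaddress.ip_interface(f"{addr}/{plen or 128}")
        except ValueError:
            report["malformed"].append(dest)
            continue
        if route.ip != route.network.network_address:
            report["malformed"].append(dest)  # bits set beyond the prefix length
        elif route.ip.is_link_local or route.network in local:
            continue  # link-local or the interface's own subnet
        elif route.network in allowed:
            seen.add(route.network)
        else:
            report["unexpected"].append(dest)
    report["missing"] = sorted(str(n) for n in allowed - seen)
    return report

if __name__ == "__main__":
    print(audit_routes(SAMPLE, "wg0", ["fc00:1111::1/128"], ["fc00:1111::/64"]))
```

On the sample it reports the `illegal prefixlen` line, the malformed `7400:1000::/0` destination, and `fc00:1111::1/128` as an Allowed IP with no matching route.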
